Channels

Services

Chrome 16 update closes security holes

Google has released version 16.0.912.77 of Chrome which closes several security holes in the WebKit-based web browser. The update addresses a total of four vulnerabilities, all of which are rated as "high severity".

These include use-after-free holes in DOM selections and DOM handling, an uninitialised value in the Skia 2D graphics library and a buffer overflow in tree builder. Four bugs that were detected using AddressSanitizer have also been fixed.

The developers note that a critical use-after-free issue in Safe Browsing navigation was corrected in version 16.0.912.75 but was "accidentally excluded from the release notes". Additional details of the vulnerability are being withheld until "a majority of users are up-to-date with the fix".

More details about the Stable channel update can be found in the announcement post on the Google Chrome Releases blog. Chrome 16.0.912.77 is available to download for Windows, Mac OS X and Linux from google.com/chrome. Those who currently have Chrome installed can use the built-in update function.